Update the CSI Secret Identity to use a BYO Managed User and Setup the required federation

Question

Update the CSI Secret Identity to use a BYO Managed User and Setup the required federation

khowling opened this issue a year ago · 4 comments

As described here
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#access-with-an-azure-ad-workload-identity

Answer 1 · 2023-08-13T11:08:06.000Z

It is specific to the workload (service account) - so perhaps more relevant to https://github.com/Azure-Samples/java-aks-keyvault-tls ?

Answer 2 · 2023-08-13T18:03:58.000Z

Good Shout, but we've been having issues consuming aksc in a workload repo, selecting csi&keyvault options, then configuring the workload to use it with federated identity. I cant see how its possible at the moment without the workload repo needing to create their own keyvault. This pattern need attention!

Answer 3 · 2023-08-14T20:01:10.000Z

Agreed, I think the app would need their own keyvault. Rbac will become tricky.

Answer 4 · 2023-09-14T09:25:50.000Z

Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.